Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3198396pxb; Mon, 9 Nov 2020 05:24:11 -0800 (PST) X-Google-Smtp-Source: ABdhPJwSPRXIMNz0jciPm2vq0r8joggMP4j2fcZuWur4y6lAhCkcHEEldMK+DtIZIHfWo6NZ6vQN X-Received: by 2002:a17:906:13cd:: with SMTP id g13mr15780517ejc.394.1604928251233; Mon, 09 Nov 2020 05:24:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604928251; cv=none; d=google.com; s=arc-20160816; b=0p7ouN3upHmFC6yVhptbV014VxIfQipHD4VbzefT9q/Kp1uWDvHu93hmLdYuOXfowb F3xO+dv9DyC5Y6Hw8XQGCi6FRcypXoCrVrIl0B2HBiDAGfi0dOBxecYmru6MrwHD3eKz KAj3MSo7CYi1p2XcESm148LboHZECFZZaK4v3DtkcjBg584Nxt/64O0ek1iKK/sDmGsA J6uXu8VX/Bb/58U/foMg15g8ixxKKCilHwXfnwB1MDCne74LgbjiE7tuIC6z0iKz85sS cebI00RBVe8VQ9FayHm1G4wTH5YZvnANequ/3pY7NA3o2Ue4IQ34doH5SyeqVBzdArmB HBRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=IfoV/xggJLWsc5CXwdmCti8HvXcXf6riB3KtWEjnNrk=; b=wu+7KLFkCKt521ODVgAIOuSH6nNlCw7jY9WghUAKy4q1CJx+BcZPoO6Z4RkWQMKF9T UcCqwClzYjTfX3DH/A7W+C6mH7BYAoB6scfSsE9ffjSkn6/5myx1x0smM/Za4MafosMN lgzE2L2ltypm0gZa6RWXrU/RtSB3vlxSM93fYqkyXqJZ6yOYhLOJJdng5WO5wXpFvWD4 pBocfCgbfXm16EZ6ffIlrbmAgvH1zmn6ooP1wXoVlASCj/XeShjiVlEJMO5RATn5kmY2 GwvbQk43/RwcJhfbr21BsKDJrz/AGc10ylbCMBWk0cgzY+VprV9PtqyxbHHkhPOMeggU J+ig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=NzwuPw99; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gs24si6935427ejb.74.2020.11.09.05.23.48; Mon, 09 Nov 2020 05:24:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=NzwuPw99; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388099AbgKINVg (ORCPT + 99 others); Mon, 9 Nov 2020 08:21:36 -0500 Received: from mail.kernel.org ([198.145.29.99]:49452 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388090AbgKINVf (ORCPT ); Mon, 9 Nov 2020 08:21:35 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A230F2065D; Mon, 9 Nov 2020 13:21:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604928094; bh=OrBBqNpj4um0W3Z1ypB0ujgiH2V8/kvdg9LB+qdIoPc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NzwuPw99Qqbj6jico3MB8LeNn7cDPM95LcjoHkwVcS1VvzFSTIjcB7c/+Z+SulzTC yYHap40/1G3gyWoYwsN20xI67synImweqEbLCpXv/QOC5iUQAY8cuZNf/RHikqiuwk wXEnYK533wcHlVwof0N2RxEwvk+A6fs0PFLxG5zk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pavel Begunkov , Jens Axboe Subject: [PATCH 5.9 124/133] io_uring: fix link lookup racing with link timeout Date: Mon, 9 Nov 2020 13:56:26 +0100 Message-Id: <20201109125036.650991539@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201109125030.706496283@linuxfoundation.org> References: <20201109125030.706496283@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Pavel Begunkov commit 9a472ef7a3690ac0b77ebfb04c88fa795de2adea upstream. We can't just go over linked requests because it may race with linked timeouts. Take ctx->completion_lock in that case. Cc: stable@vger.kernel.org # v5.7+ Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- fs/io_uring.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -8176,7 +8176,21 @@ static bool io_timeout_remove_link(struc static bool io_cancel_link_cb(struct io_wq_work *work, void *data) { - return io_match_link(container_of(work, struct io_kiocb, work), data); + struct io_kiocb *req = container_of(work, struct io_kiocb, work); + bool ret; + + if (req->flags & REQ_F_LINK_TIMEOUT) { + unsigned long flags; + struct io_ring_ctx *ctx = req->ctx; + + /* protect against races with linked timeouts */ + spin_lock_irqsave(&ctx->completion_lock, flags); + ret = io_match_link(req, data); + spin_unlock_irqrestore(&ctx->completion_lock, flags); + } else { + ret = io_match_link(req, data); + } + return ret; } static void io_attempt_cancel(struct io_ring_ctx *ctx, struct io_kiocb *req)